American Corporate Software Can No Longer Be Trusted For Anything

The discussions around SOPA have shown a very unfortunate side of United States policymaking — that its policymakers are not in the slightest afraid of legislatively ordering American-run corporations to sabotage their customers in order to further United States foreign policy.

Today, software from two American companies – Microsoft and Apple – runs most of the world’s infrastructure, in terms of governments, authorities, social security, et cetera. It has come to be taken so much for granted that you can barely buy a piece of hardware for the current ecosystem without code from at least one of these two American corporations.

(UPDATE: I’ve seen quite a few network admins complain about this assertion. Note that I’m not pointing to network infrastructure such as switches, raw iron or web servers, but society’s infrastructure: social security, medical records, police databases. In my experience, almost all of these are consultant-written solutions on top of Windows, or sometimes Apple, platforms.)

There is a problem with proprietary, closed software, which makes me a bit uneasy. We get a serious democratic deficit when the citizens are not able to inspect if the computers running the country’s administrations are actually doing what they claim to be doing, doing all that and something else invisibly on top, doing the wrong thing in the wrong way at the wrong time, or doing nothing at all. (Judging from most governmental IT projects, they all fall into one of these four categories.)

But this problem is peanuts compared to what has just appeared. In the debate around the American Stop Online Piracy Act, American legislators have demonstrated a clear capability and willingness to interfere with the technical operations of American products, when doing so furthers American political interests regardless of the policy situation in the customer’s country. Actually, it’s even worse: American legislators have demonstrated a willingness to do this just because of the different laws in the customer’s country, outside of the United States.

American legislators are now claiming for themselves the right to sabotage technical global resources just because they happen to be run from within the imaginary lines in the sand that we call America.

Worded differently, the American legislature has claimed for itself the right to sabotage American products, boobytrapping them to enforce American laws and economic interests outside of its borders by directly sabotaging the administration of other countries.

It doesn’t matter if this abomination of a mail-order law, SOPA, passes this time around. The American legislators have shown beyond any doubt that they would not hesitate a second to push America’s trade interests by using the fact that American-written code is running the administration in many, if not most, countries.

As a result, American corporate code cannot be trusted from this day onwards. That specifically means Microsoft and Apple. Shifting from these platforms takes years, and American legislators can decide to enforce American trade interests in much shorter time than that. Therefore, the shift needs to start as soon as possible.

What to shift to, I hear you ask? Android is hardly an alternative, as it too is American-made (albeit by a slightly better player, Google, that is still just as much under the jurisdiction of these power-crazy legislators). Other countries’ legislators may get just as intense a power trip at short notice.

If there was ever a compelling overriding reason of national security and sovereignty to switch to free software, this is it. And there’s no shortage of good free software — I’ve been running free software almost exclusively for the past decade, save for very specialized tasks.

Free software is not a matter of money anymore, if it ever was. It’s a matter of freedom and sovereignty.

UPDATE – TLDR: American legislators rule over American companies. These legislators have just demonstrated a willingness and a capability to build in a projection of American trade interests into American IT products, by forcing the corporations on US soil to do so. More often than not, this is not in the interest of the country where the customer is located, or even legal there. Since American legislators have demonstrated this capability and willingness, American corporate software can no longer be trusted, through no fault of the corporations concerned.

Rick Falkvinge

Rick is the founder of the first Pirate Party and a low-altitude motorcycle pilot. He works as Head of Privacy at the no-log VPN provider Private Internet Access; with his other 40 hours, he's developing an enterprise grade bitcoin wallet and HR system for activism.

Discussion

ForskarGurra

December 27, 2011

Why there wouldn’t be any built-in “back-doors” on corporate OSes is a very good question. The information gathered could probably be sold for very good money… If it could, it’s very naïve to think that someone wouldn’t try…

Hmm. I may have had a mixed environment. My recollection is that I started using Ubuntu for production some time 2005. Come to think of it, even that isn’t a decade.

Anoneymousse

July 18, 2012

You may want to correct and remove “exclusively” from your claim to having used Free Software over the last decade. You don’t want this very little thing to have an impact on your credibility.

@icanhazsake

July 23, 2012

He said almost exclusively. And I can see his point, sometimes you are forced onto Windows and proprietary software because there’s no open alternative or the alternative isn’t nearly enough to fulfill your needs.

Ingmar

December 27, 2011

“Free software is not a matter of money anymore, if it ever was. It’s a matter of freedom and sovereignty.”

For private use maybe, but otherwise it’ll always be about money. A properly run corporation will always choose what it believes is the most cost effective solution. The initial purchase price is usually irrelevant compared to the total cost of ownership. (Ownership is obviously a rather poor choice of words here, but that’s the term in use.)

Free software is not always free-as-in-beer anyway. Every program you buy should have open access to the source code.

ANNM

December 27, 2011

But software that does sneaky secret things behind your back can hardly be called a “solution”. At least not if your business in any way at all depends on being able to keep secrets from your competitors, whether they be technical, financial or strategic.

Rick Falkvinge

December 27, 2011

But this was not about what corporations buy. They may choose to trust whomever, just like we may on an individual level.

When it comes to the software that literally rules our lives, however, it is more than decent — it should be required — that we at least get to see what it is the code actually does.

Stefan

December 27, 2011

When doing the cost analysis you must also factor in security. Specifically you have to answer the questions:
What is the cost if a piece of information is leaked?
What is the probability that the information is leaked when using the system?
What is the cost to lower the probability of information leakage to an acceptable level?

This gives the total cost of a reasonable level of security, comparing different systems by these criteria gives the best choice from a security standpoint. Do not take this lightly, failing this may very well put you out of business.
Unfortunately the recent actions of the US government mean that you have to assume that your information is leaked. When buying US operating systems and software you also have to budget for heavy security measures if information security is important to you.

N

January 3, 2012

A bit of a funny example why not-open-source software shouldn’t be trusted

I just looked you up on Wikipedia, and I’m surprised that your article looks like you don’t know this…

Freeware: Software that is free.
Proprietary: Not free.

Open source: Software that you can see the code.
Closed source: Software that you cannot see the code.

There is software that is Proprietary Open Source, and software that is Freeware Closed Source.

*Limewire was popular, free, and open source, yet it leaked information to the FBI. (USA)
*I can’t actually find information on it now, other than it may have been a hack and not a system the FBI had them add like I remember it being.

Rick Falkvinge

December 27, 2011

With free software, I refer to software that adheres to the four freedoms as defined by the FSF.

It is completely pointless to be able to see the source of a delivered proprietary executable binary, as there is no way for you to verify that the binary is indeed the result of compiling the source code you are viewing. The only way to know that is to compile it yourself, using your own tools.

That is an excellent story, essay, and food for thought. I read it long ago and refer to it frequently (I actually considered mentioning it in my comment above, but thought I would digress too much from my main point).

So, today, “security” is more about (mostly misplaced) “trust” than anything else. It’s more about choosing who you want to be allowed to get your data (unless you can afford to maintain computers in network, EMF, sound and energy grid isolation).

Regarding the (closed-source) “productivity” claims, Linux is easier to use, immensely more stable and reliable, and offers its inners to public scrutiny – crucial things that Windows lacks more and more as time goes (at least, you can strip-down and ‘fork’ Linux).

The real (and significant) advantage of open-source is its long-term relevance (closed-source vendors use planned obsolescence to sell licenses).

As a consequence, you can build a durable future on Linux – an option which others severely lack.

Rincewind

December 27, 2011

No, free software is not freeware. Proprietary software is never open source, but open source is not necessarily free software. Free is in this case free as in speech, it allows you to see the code, modify, use and redistribute it.

For governments in particular free software should be prioritized as they should have more important goals than maximising profit. Unfortunately most governments seem slightly confused by modern times.

Gnu.org and Richard Stallman can inform you.

Björn Persson

December 28, 2011

Citrus Rain appears to be quite confused about the terminology.

The word “freeware” is commonly used to denote gratis unfree software. The author encourages you to share the binary program with your friends and does not demand license fees, but he keeps the source code secret so that it’s very difficult to modify the program or inspect how it works. So yes, freeware closed source exists, or rather, the source of freeware is closed.

“Free Software” is, as Rick said, software that adheres to the four freedoms as defined by the FSF:
· The freedom to run the program, for any purpose.
· The freedom to study how the program works, and change it so it does your computing as you wish.
· The freedom to redistribute copies so you can help your neighbor.
· The freedom to distribute copies of your modified versions to others.
A gratis binary program with secret source code doesn’t give you all these four freedoms. Therefore freeware is not Free Software.

“Open Source” is a term defined by the Open Source Initiative. It means much more than just showing the code. Open Source gives you the same freedoms as Free Software does. The Open Source Definition was intentionally designed to be equivalent to the definition of Free Software, making “Open Source” another term for Free Software. The difference is in the marketing. The purpose of calling it “Open Source” was to promote Free Software in the corporate world without mentioning freedom. So no, “Proprietary Open Source” does not exist, that’s an oxymoron.

That’s the problem with the term “free software”. Because of the fact that English is a stupid language, it doesn’t easily convey the actual intended meaning: software that gives you freedom.

Come to think of it, pretty much every buzzphrase that the Free Software Movement came up with is kinda terrible. GNU is an extremely ugly name, for example. Maybe they’re just so anti-corporate that they intentionally ignore marketing advice.

But I digress. “Free software” is confusing. That’s why people started saying “free/libre open source software”. “FLOSS” for short; as in, something that everybody knows they should do, but won’t because it’s inconvenient.

Björn Persson

December 28, 2011

As Citrus Rain just demonstrated, “Open Source” also fails to convey the intended meaning. People tend to think it means only that you’re allowed to look at the source code. Microsoft for example played on this confusion with its “shared source” campaign. Open Source advocates have to explain time and again that it means much more than just looking at the code – and they have to explain it in a rather roundabout way to convey the four freedoms without using the word “freedom”.

Conflations like “FOSS” and “FLOSS” aren’t likely to be adopted by either camp. At least the Open Source Initiative can’t use them, because they want to avoid the word “free”, and I suspect that the Free Software Foundation will by now dislike anything that includes the words “open source”. Saying “libre” may be a good way of avoiding the ambiguity of “free” though.

Rick Falkvinge

December 28, 2011

Alas, using libre is also a good way of avoiding comprehensible English.

mmu_man

December 27, 2011

Everyone should just switch to Haiku 😉

Rick Falkvinge

December 27, 2011

Important freedoms
taken out by lawmakers
are cause for concern

Andrew

December 27, 2011

This entire argument is a non sequitur. The dominance of Apple & Microsoft software has nothing to do with the legislation of SOPA. And the administration of SOPA does not dictate “booby traps” in American proprietary software products; it can be done in DNS without any software cooperation (and will impact Linux as well as MacOs/Windows, unless workarounds are developed and put into place). You’ve simply started with the point you already wanted to assert: “We should switch to free software”, and thrown some non-related points in front of it.

Rick Falkvinge

December 27, 2011

Then you’re missing my point, which is this:

American legislators rule over American companies.

American companies happen to be dominant suppliers of software. Closed software.

American legislators have just demonstrated a willingness and a capability to build in a projection of American trade interests into American IT products, by forcing the corporations on US soil to do so. More often than not, this is not in the interest of the country where the customer is located, or even legal there.

Since American legislators have demonstrated this capability and willingness, American corporate software can no longer be trusted, through no fault of the corporations in question.

A concrete precursory example can also be seen in how domains have been seized despite fulfilling all the laws where the operations take place.

JM

March 26, 2012

Just by-the-by, whatever about libre-und-gratis software, also remember that the hardware is nowadays, from the hand device via the radio nets and networks, to the routers and racks, mostly running on Asian-manufactured chips.

I recall a story somewhere about US military users of such chips, who idly wondered if the chips being delivered exactly matched the designs sent to the fab.

It seems that after all, some extra or different stuff had ended up in the hardware (that runs the planes and missiles, etc. ….)

Scary Devil Monastery

December 30, 2011

SOPA doesn’t dictate very much at all – what it does is impose stiff penalties and punitive authority circumventing most normal jurisprudence if certain criteria aren’t obeyed.

Since many of the criteria considered stringent under SOPA effectively fall under the terminology of “Magic and Clairvoyance”, software developers will have to be very cautious indeed even writing software. Because if a court interpretation of SOPA does call for measures which you could only fulfill by adding a government-use backdoor in Windows 7, say, then Microsoft will have only one choice – adding such a backdoor in the next patch.

This is the problem with much of the legislation coming out regarding the internet today – it assumes abilities which no one possesses but the existence of such abilities is still assumed by law. The most obvious one would be the abolishment of Safe Harbor – which generates a legal environment where user-generated content can not effectively exist.

“Free software is not a matter of money anymore, if it ever was. It’s a matter of freedom and sovereignty.”
You should mention “time” as well.

steelneck

December 28, 2011

Non-free software is like politics behind closed doors, politicians that cannot be held responsible. Yes I know, most people cannot read code and even those who can, have no chance to check it all. But the same applies to politics, most people do not check everything our politicians do, but it is enough that someone does and can blow the whistle. All those people around the world who are engaged in making software distributions, operating systems put together of free code that is compiled to binary distributions, are poking around in the code and checking things. It is possible to sneak in malicious code, but there is always a big chance it will be discovered and in every properly maintained codebase there is a record of who committed what code and when. Unfree software is like politics without a check to it. It is dangerous!

I am 100% sure that the computer with Windows used by any high profile politician or company leader, is wide open to a small number of people who control the software running on it. Firewalls you may say? Some of those tend to be even more closed for scrutiny and may leak things of the whole network behind them. Not to talk about virus programs, those are made by companies that even have an economical incentive that there always are some infected computers around the world for setting an example so that people continue to buy those programs and updates. I regard those programs as malicious backdoors.

Everyone who runs unfree operating systems on their computers is both a victim and a perpetrator, since they help keep the madness going by pure herd mentality. And do not get me started on those walled gardens like Facebook, that is _the_ most destructive thing that ever happened to the net, ever! And Rick here is a bigger perpetrator on that account than most others due to who he is. If someone needs to have the moral high ground in this issue it is Rick and the whole PirateParty leadership, but no, they just help it keep growing and going.

Ted Seeber

December 28, 2011

Why would they push “America’s Trade Interests” now when they’ve spent the last 40 years sabotaging our trade interests (hint, a country running constant trade deficits isn’t exactly profitable)?

Rick Falkvinge

December 28, 2011

If you had a person who had been accumulating debt for 40 years, how would you say that person is likely to behave?

You can’t have it both ways here. Either downloading something creates demand, or it doesn’t.

The point raised above is a demasking for showing what the people in power are really after: control of the net, through whatever arguments they find well-sounding at the time, even if (as here) inconsistent with each other.

This doesn’t contradict Rick’s main point (which I 100% agree with, by the way), but just to clarify something touched on by other commenters:

“Open source” and “free software” mean the same thing. They confer the same sets of freedoms.

Specifically, “open source” does not *only* mean you can see the code; it also means you can make copies, distribute copies, modify your copies, and distribute your modified versions, if you want. If you don’t have those rights, then it’s not open source (nor is it free software). See http://opensource.org/docs/osd as a primary source.

For historical reasons, we have two terms for the same thing. But don’t let that make you think there are two things here — there’s only one.

And Rick’s right: if you’re running software controlled by a monopoly, then you don’t own your computer. Someone else does, and as Rick points out, that someone else is increasingly likely to be a U.S. legislature. As a U.S. taxpayer, I feel I’m getting my money’s worth. People in other places may feel differently, however!

mathieui

December 29, 2011

Well, Open Source means basically the same thing as Free Software, indeed, but, there is more to it than just a difference in vocabulary.

They are strictly the same in software licensing, as they define the same basic principles, but I would argue that this is not the same ethic.

Open Source is about using a model that has proven efficiency in order to have the best product, Free Software is about making software free as in free speech, and sticking to the principles of Freedom. Sometimes, the difference does not show very much, but sometimes you can see, e.g. OpenOffice was a product of Open Source, because Sun used to be quite unresponsive and there was some insider opposition about changes that were not made (like a developer that does not want to translate his German comments or have them translated), even while some external contributions were added; LibreOffice, on the contrary, is much more Free Software than Open Source, in the way it is managed. This comparison may seem to show that « Open source → for companies, and Free Software → for individuals and ethics groups », it is not always the case, but it often is.

Open Source is a paradigm used to attain the best result possible, and there is nothing wrong with it, but Free Software is a state of mind. I guess you could say that they are two faces of the same coin.

Putte

December 28, 2011

True indeed.

What I find incomprehensible and against the shareholders’ interest is the extent to which US firms are willing to voluntarily become an arm of the US military-espionage complex. US software giants are shooting themselves in the foot. They could refuse and resist but chose not to.

When the Bush administration asked US telcos to help with massive illegal wiretapping around 2003-2004 all the telcos co-operated – with the exception of the small rural US operator Qwest and German owned T-Mobile.

There are extensive rumors of visits to the HQs in Silicon Valley of black cars with men in dark suits from NSA who demand that US software firms should be “patriotic” and add backdoors for the NSA/CIA/FBI/DEA/etc. (Referred in the Swedish book Övervakad by Pär Ström). Considering the willingness to block Wikileak’s finances I am inclined to believe these rumors.

These espionage backdoors have been used to help US corporations who compete with European and Asian companies. For example, when European defense firms competed with American corporations for a large defense contract in the Middle East in the 1990s. NSA spied on the European firms to find proof of bribes paid to the Saudi officials (from Pär Ström’s book). The result was lost jobs in Europe.

The Russian government was aware of this risk already in the 1990s and refused to use Windows software if they couldn’t inspect the source code and compile the software themselves. Microsoft complied and today there is a “Government Security Program” where central governments and the military can buy Windows as a source code. Many national governments use this option today, but private companies are excluded.

European firms are incredibly naïve when they use US software as their own IT backbone infrastructure without any assurance or security diligence.

PS. When a large US bank recently wanted to buy software from a small Swedish IT-firm for a mission critical function they demanded to scrutinize the source code.

C R Muthukrishnan

December 28, 2011

The point made is valid and a matter of concern. Ritchie and Thompson (Unix creators), in their Turing award talk “Reflections on Trust – Do we trust the program or the programmer” articulate the point well. The point extends to not only corporate software but about most software. Even where the software is available for perusal and examination, it is very doubtful if we have the talent and resources to scrutinize and check anything a priori to the large scale release and deployment of the software. However, I do see “Due Diligence” approaches to software adoption and use applied to a greater degree in practice (e.g. Driver Signing used by Microsoft).

We may consider the software, for this discussion, into two main parts – infrastructure and application. Infrastructure usually provides extendability which apps can misuse. Apps have, necessarily, as required by the services they provide, access to user’s (customer’s, citizen’s) data.
This poses many more concerns – who is responsible? – the doctor or the medical equipment?

To conclude, the concern is important but the solutions need to factor in professional ethics and practice in addition to terms of contracts, licensing, law and enforcement.

Coinhunter

December 28, 2011

The points made in the article are irrefutable from a logical standpoint. It seems however that policymakers in individual countries are dumbfounded by the notion that national security should mean not trusting other countries with national databases. In the case of the U.S. it is perhaps a lingering trust from a bygone era but I believe if it were e.g. Russian, Indian or Chinese software we were talking about the situation would have been handled long ago. Rick – I wish you good luck in future endeavors concerned with waking up the people in power to this fact. : )

The people who put forth this legislation in Congress were not tech savvy and did not have all the information. When they saw that it was very controversial, they withdrew it. This was a triumph of direct, grassroots action.

This was a wonderful example of democracy in action — and of the power of social media. We should be encouraged and energized, not cynical and bitter.

Maverick

February 27, 2012

I think you are missing some major topics and misleading others about Google. Google is just as bad if not worse than MS and Apple. Google is an advertising company at its core and all they care about is your information!
Apple are control freaks and even Steve Jobs said he wanted your medical information on iCloud also (see his biography).
Now for the Free and Open software. Red Hat is based out of North Carolina, SuSe is also in North America, Canadians OMG. Right there you have two very large distros. Now let’s talk Ubuntu …England….oh yes they have a lot of privacy….cameras on every corner.
My point is the problem isn’t so much in the software as it is in politics. It is just that computer companies are able to voluntary information that people readily give up because they are too lazy to rtfm.
Look at facebook apps and the information they steal. This week there is a news article that Facebook is reading users phone sms messages! http://www.zdnet.co.uk/blogs/communication-breakdown-10000030/facebook-strikes-back-at-sms-reading-android-claims-10025499/

Is a social structure problem and the herders leading the sheep are really wolves.

Meta

All original text on this site is under a Creative Commons Zero license ("public domain"). That includes any comments you submit. Syndicated articles that were first published elsewhere (clearly marked as such) are under the original license, typically a very permissive Creative Commons.